EDIT, thanks everyone. I have enough info now on what I needed.
Basically the above ^
To check for a split tunnel, all you have to do is check your routing table, but if you can’t (I can only help on Linux and maybe Mac) just turn it off, check your external IP address (https://docs.as701.net/ip.php) then turn it on. If it changes, it’s probably not a split tunnel; if it stays the same, it probably is split (and therefore they’re not spying).
Yes… I mean it takes extra effort to set up a split tunnel so I would just presume they can…
If they call you on something though you should say you had assumed it was a split tunnel and ask them why they spied on you unnecessarily.
If it’s a work device, treat it as such. If it’s a personal device, set up a virtual box or buy a cheap secondary device.
Also if your company is requesting you to install a VPN on a personal device, it’s a gigantic security risk (to them) for all kinds of reasons.
Lastly, if you’re asking if the company can see your activity on your personal devices through your work device the answer is no.
Can they see you in your house? No.
Can they see other devices in your house? No.
Can they see that you opened a pic of Pamela Anderson stored on your local hard drive? No.
Can they see that you went to PamelaAnderson.com? Assume they can.
Can they see that you played “minesweeper” from a local exe? No, they cannot.
Can they see that that minesweeper downloaded ads from the internet to display to you? Assume they can.
Do they care what you’re doing? Depends on the company and if the IT people, or the higher ups hate you. Some companies will look for reasons to fire people they don’t like, and have IT sniff out indiscretions. When I’ve been asked to do this before I’ve always made it my policy to check and see what everyone else does at the same time… and then report any “pets” at the same time, which usually discourages further sniffing.
Having said this, if this is a work device, they might well have Mobile Device Management software installed on it (MDM). If that’s the case, assume they can see everything you do on it and act accordingly.
So it really depends on your company’s level of sophistication and configuration of software.
Are they licensed for software that can monitor you, BUT do they even have it up-to-date to use that feature?
OK maybe it’s up to date, is it even configured? Good questions.
Most VPN software for modern VPN/Firewalls can monitor, route or otherwise see all DNS queries/traffic. Some even do passive VPN where it will decide what traffic goes through the corporate tunnel vs your internet provider.
They may also have low resource usage cybersecurity monitoring tools in the background. Many third party companies provide such software now that is really meant for protecting the end user and company’s IP. But it can be misused or abused to track employees to a certain extent.
The bottom line is: if the hardware belongs to someone else or a company, expect absolutely 0 privacy on that device.
Thanks. Even though it’s my ISP?
I wish there was a pause button for the app so that I didn’t have to disconnect to do my NSFW stuff, then reconnect, which requires 2FA on mine.
why they spied on you unnecessarily.
Beware that if this is a company device, they most likely made the employees sign an infosec or something of the sort policy saying they reserve the right to look up any of your online activities whilst on that device. It should always be assumed that corporate VPNs are not split tunnel, as most of these are only handled in bundle with company devices.
Good to know. I’m not really going anywhere sketchy, but just curious. Thanks
Can they see you in your house? No.
Can they see other devices in your house? No.
Can they see that you opened a pic of Pamela Anderson stored on your local hard drive? No.
Can they see that you went to PamelaAnderson.com? Assume they can.
Can they see that you played “minesweeper” from a local exe? No, they cannot.
Can they see that that minesweeper downloaded ads from the internet to display to you? Assume they can.
The answer to all of these is: if they really wanted to and had the software to do it, they could.
I guess you do a full tunnel, meaning everything is routed over the VPN through your ISP’s network to your company and from there wherever the traffic should go.
If you are doing a split tunnel then only company internal traffic is sent over the VPN tunnel. Your YouTube/Spotify/P0rn traffic is going over your regular internet connection where your company can’t “see” into it.
You can find out by looking at the routing table after you connected. If your default route was altered (or more specific routes are present with a /1 prefix) then you can be certain that you are doing a full tunnel.
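The routing-table check described in the post above (and mentioned in the earlier reply about checking for a split tunnel), as an added example that is not part of the original thread: a shell function that reads Linux `ip -4 route show` output and reports whether the VPN interface carries all traffic. The interface names `tun0` and `wlan0`, the addresses and the three sample tables are constructed assumptions.

```shell
#!/bin/sh
# Added example. Classifies a Linux IPv4 routing table (the text printed by
# `ip -4 route show`) read on stdin as "full", "split" or "none" for the
# VPN interface given as $1.
classify_tunnel() {
    awk -v vpn="$1" '
    {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (dev == vpn) seen = 1
        # Among competing default routes the lowest metric wins.
        if ($1 == "default" && (!have || metric < best)) {
            have = 1; best = metric; best_dev = dev
        }
        # Two /1 routes together cover all of IPv4 and beat any default.
        if (dev == vpn && $1 == "0.0.0.0/1")   low = 1
        if (dev == vpn && $1 == "128.0.0.0/1") high = 1
    }
    END {
        if (best_dev == vpn || (low && high)) print "full"
        else if (seen) print "split"
        else print "none"
    }'
}

# Constructed sample tables; tun0, wlan0 and all addresses are made up.
FULL_DEFAULT='default dev tun0 scope link metric 50
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'
FULL_HALVES='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'
SPLIT='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

for t in "$FULL_DEFAULT" "$FULL_HALVES" "$SPLIT"; do
    printf '%s\n' "$t" | classify_tunnel tun0
done
```

On a live machine, pipe `ip -4 route show` into `classify_tunnel` with the VPN interface name shown by `ip link`. The function only sees the main table, so a client that steers traffic with policy routing (separate tables selected by `ip rule`) needs those tables checked as well.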
Yes because Cisco AnyConnect is more than a VPN. It also acts as a remote anti-virus type thing (I forgot what the actual term is) where it will kick you off the network if it detects you’ve been infected.
Can running their company’s VPN be bypassed by running their programs in a virtual box?
That is actually a good question. Haven’t tried this out myself. But as far as I’m concerned, if you make your VM connect directly into the computer’s network adapter as opposed to the VPN’s network adapter, in theory, the company shouldn’t be able to see your traffic. But as an IT person for a big company, I can safely say that most competent companies would not allow you to install stuff in their computers.
In my company most employees are entitled to admin rights and could install Virtualbox if they wanted to, but that’s not the case in most companies. Most of them do not allow anyone else besides IT personnel to have admin rights on computers.